General

Target:  46c00eb565b5ae7af22f2504236306d8
Size:    10.3MB
Sample:  220809-zyq1dagbgn
MD5:     46c00eb565b5ae7af22f2504236306d8
SHA1:    135590d55b60b9292ac0b1324fae0a978f1a78e2
SHA256:  eb59ea0ffdff9bc9fda9aae2903f144a274cc65cf7f79d18efb4ce04c8d02f08
SHA512:  ff4791230e91311a2dd9b8f041886e86cf054d03543ceaaf3f7d6d3e760307bb3a4f233d735080e08af12e0c097471fbfe66eef3e7135eb7ec99c3abf789fa02
Tasks

Static task:     static1
Behavioral task: behavioral1
  Sample:   46c00eb565b5ae7af22f2504236306d8.exe
  Resource: win7-20220718-en
Malware Config

Extracted family: tofsee
Extracted domains:
  svartalfheim.top
  jotunheim.name
Targets

Target: 46c00eb565b5ae7af22f2504236306d8 (10.3MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures (behavioral1):

- XMRig Miner payload (XMRig is an open-source Monero CPU miner; here it is carried as an embedded payload)
- Creates new service(s)
- Executes dropped EXE
- Modifies Windows Firewall
- Sets service image path in registry (together with the new service, this is service-based persistence)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (on Windows the user's GeoID is stored under HKCU\Control Panel\International\Geo)
- Deletes itself (the dropper removes its own file after installing)
- Drops file in System32 directory
- Suspicious use of SetThreadContext (typical of process hollowing, where code is injected into a suspended process and its entry point redirected)
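A practitioner turns a report like this into detections by matching its hashes and extracted domains against local telemetry and by looking for the service-persistence pattern the signatures describe. The script below is an added example and is not part of the sandbox report or of any tool it names: the hashes and the two domains are copied from the report, while the DNS log format ('<ts> <client_ip> query=<name>'), the JSON shape of Windows System event 7045, and every log line, host and service name are constructed assumptions for the demonstration.

```python
"""Offline IOC triage for the sample in this report.

Added example, not part of the sandbox report or of any tool it names. The
hashes and the two domains are copied from the report; the DNS log lines and
the Windows event records below are constructed for the demonstration, and
their formats ('<ts> <client_ip> query=<name>' text lines; System event 7045
as JSON) are assumptions about what a site's collectors emit.
"""
import hashlib
import json
import re

# Values from the report's General section.
SAMPLE_HASHES = {
    "md5": "46c00eb565b5ae7af22f2504236306d8",
    "sha1": "135590d55b60b9292ac0b1324fae0a978f1a78e2",
    "sha256": "eb59ea0ffdff9bc9fda9aae2903f144a274cc65cf7f79d18efb4ce04c8d02f08",
}
# Domains from the extracted Tofsee config.
CONFIG_DOMAINS = {"svartalfheim.top", "jotunheim.name"}


def hash_bytes(data: bytes) -> dict:
    """Digest a blob with the same algorithms the report lists (lower-case hex)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every listed digest agrees; a single algorithm is weaker evidence."""
    digests = hash_bytes(data)
    return all(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


def is_config_domain(qname: str) -> bool:
    """Match the domain itself or any subdomain; ignore case and a trailing dot.
    Suffix matching on '.' + domain avoids false hits on look-alike names."""
    name = qname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in CONFIG_DOMAINS)


def dns_hits(lines):
    """Return (client_ip, query) for every DNS query to a config domain."""
    hits = []
    for line in lines:
        m = re.match(r"^\S+\s+(\S+)\s+query=(\S+)", line)
        if m and is_config_domain(m.group(2)):
            hits.append((m.group(1), m.group(2).lower().rstrip(".")))
    return hits


def service_install_hits(json_lines):
    """Return (service_name, image_path) for event 7045 (new service installed)
    whose ImagePath lies under System32: the combination of 'Creates new
    service(s)', 'Sets service image path in registry' and 'Drops file in
    System32 directory' that the report flags. Legitimate installers do this
    too, so each hit is a lead to correlate with file-creation events, not a verdict."""
    hits = []
    for raw in json_lines:
        ev = json.loads(raw)
        if ev.get("EventID") != 7045:
            continue
        path = ev.get("ImagePath", "")
        if re.search(r"\\system32\\", path, re.IGNORECASE):
            hits.append((ev.get("ServiceName"), path))
    return hits


# Constructed inputs: timestamps, hosts, service names and paths are invented.
SAMPLE_DNS = [
    "1660000001 10.0.0.7 query=svartalfheim.top.",
    "1660000002 10.0.0.7 query=MAIL.jotunheim.name",
    "1660000003 10.0.0.9 query=update.microsoft.com",
    "1660000004 10.0.0.9 query=jotunheim.name.evil-lookalike.example",
]
SAMPLE_EVENTS = [json.dumps(e) for e in (
    {"EventID": 7045, "ServiceName": "fakesvc", "ImagePath": r"C:\Windows\System32\fakesvc.exe"},
    {"EventID": 7045, "ServiceName": "VendorAgent", "ImagePath": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 7036, "ServiceName": "fakesvc", "Param": "running"},
)]

if __name__ == "__main__":
    print("hash match for an empty file:", matches_sample(b""))
    for ip, q in dns_hits(SAMPLE_DNS):
        print(f"DNS: {ip} -> {q}")
    for name, path in service_install_hits(SAMPLE_EVENTS):
        print(f"7045: {name} -> {path}")
```

Feed real files to matches_sample() and real collector output to the two hit functions after adapting the parsers; the fourth DNS line shows why the domain check must anchor on a dot boundary rather than a plain substring.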